| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/policy_target.h" | 5 #include "sandbox/win/src/policy_target.h" |
| 6 | 6 |
| 7 #include "sandbox/win/src/crosscall_client.h" | 7 #include "sandbox/win/src/crosscall_client.h" |
| 8 #include "sandbox/win/src/ipc_tags.h" | 8 #include "sandbox/win/src/ipc_tags.h" |
| 9 #include "sandbox/win/src/policy_engine_processor.h" | 9 #include "sandbox/win/src/policy_engine_processor.h" |
| 10 #include "sandbox/win/src/policy_low_level.h" | 10 #include "sandbox/win/src/policy_low_level.h" |
| (...skipping 61 matching lines...) |
| 72 // called before the actual call to LowerToken. | 72 // called before the actual call to LowerToken. |
| 73 NTSTATUS WINAPI TargetNtSetInformationThread( | 73 NTSTATUS WINAPI TargetNtSetInformationThread( |
| 74 NtSetInformationThreadFunction orig_SetInformationThread, HANDLE thread, | 74 NtSetInformationThreadFunction orig_SetInformationThread, HANDLE thread, |
| 75 NT_THREAD_INFORMATION_CLASS thread_info_class, PVOID thread_information, | 75 NT_THREAD_INFORMATION_CLASS thread_info_class, PVOID thread_information, |
| 76 ULONG thread_information_bytes) { | 76 ULONG thread_information_bytes) { |
| 77 do { | 77 do { |
| 78 if (SandboxFactory::GetTargetServices()->GetState()->RevertedToSelf()) | 78 if (SandboxFactory::GetTargetServices()->GetState()->RevertedToSelf()) |
| 79 break; | 79 break; |
| 80 if (ThreadImpersonationToken != thread_info_class) | 80 if (ThreadImpersonationToken != thread_info_class) |
| 81 break; | 81 break; |
| 82 if (!thread_information) | |
| 83 break; | |
| 84 HANDLE token; | |
| 85 if (sizeof(token) > thread_information_bytes) | |
| 86 break; | |
| 87 | |
| 88 NTSTATUS ret = CopyData(&token, thread_information, sizeof(token)); | |
| 89 if (!NT_SUCCESS(ret) || NULL != token) | |
| 90 break; | |
| 91 | |
| 92 // This is a revert to self. | 82 // This is a revert to self. |
| 93 return STATUS_SUCCESS; | 83 return STATUS_SUCCESS; |
| 94 } while (false); | 84 } while (false); |
| 95 | 85 |
| 96 return orig_SetInformationThread(thread, thread_info_class, | 86 return orig_SetInformationThread(thread, thread_info_class, |
| 97 thread_information, | 87 thread_information, |
| 98 thread_information_bytes); | 88 thread_information_bytes); |
| 99 } | 89 } |
| 100 | 90 |
| 101 // Hooks NtOpenThreadToken to force the open_as_self parameter to be set to | 91 // Hooks NtOpenThreadToken to force the open_as_self parameter to be set to |
| (...skipping 16 matching lines...) |
| 118 ACCESS_MASK desired_access, BOOLEAN open_as_self, ULONG handle_attributes, | 108 ACCESS_MASK desired_access, BOOLEAN open_as_self, ULONG handle_attributes, |
| 119 PHANDLE token) { | 109 PHANDLE token) { |
| 120 if (!SandboxFactory::GetTargetServices()->GetState()->RevertedToSelf()) | 110 if (!SandboxFactory::GetTargetServices()->GetState()->RevertedToSelf()) |
| 121 open_as_self = FALSE; | 111 open_as_self = FALSE; |
| 122 | 112 |
| 123 return orig_OpenThreadTokenEx(thread, desired_access, open_as_self, | 113 return orig_OpenThreadTokenEx(thread, desired_access, open_as_self, |
| 124 handle_attributes, token); | 114 handle_attributes, token); |
| 125 } | 115 } |
| 126 | 116 |
| 127 } // namespace sandbox | 117 } // namespace sandbox |
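Review bot: The retained comment `// This is a revert to self.` above `return STATUS_SUCCESS;` in TargetNtSetInformationThread no longer describes the branch. With the null-pointer, length and NULL-token checks removed, every ThreadImpersonationToken request made before RevertedToSelf() is answered with success and never forwarded to orig_SetInformationThread, whatever token or buffer the caller supplied. That reads as deliberate hardening (the initial impersonation token cannot be replaced before LowerToken), but the code should say so, e.g. `// Swallow every impersonation-token change until the token is lowered; the caller sees success but nothing is applied.` The function's header comment begins in the skipped lines above old line 72 and probably needs the same update. Because a malformed buffer or a real token handle now also yields STATUS_SUCCESS, confirm that no early-startup caller uses the return value to decide that impersonation took effect.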
| OLD | NEW |